Great Circle Associates Firewalls
(December 1997)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: Firewalls-Digest V6 #574
From: Steve Kruse <jsk347 @ sprynet . com>
Date: Fri, 12 Dec 1997 08:50:11 -0500
To: Stacy Millions <stacy @ Millions . CA>, Firewalls @ GreatCircle . COM
In-reply-to: <34900821 . 96D6547E @ Millions . CA>
References: <199712110027 . QAA21311 @ honor . greatcircle . com>

At 10:34 AM 12/11/97 -0500, Stacy Millions wrote:
>"Warren Moore"<warren .
 moore @
 cbis .
 com> said:
>> Paul McNabb reputedly said:
>> <snip>
>> >
>> >>  From: "Craig I. Hagan" <hagan @
 cih .
w...maybe by 2021 the desktops will have caught up.

   More SNIPPED to save bandwidth

>I think you are overly optimistic :-( The big problem with the stability of
>most of these "new technologies" has more to do with cultural issues than
>technical issues. I would imagine that the "poor old dinosaur mainframes"
>would have a stability problem too, if the users of the systems were able
>to download the latest "cool app" from the net and install it.
>Most organizations that I have seen are not willing to spend the amount of
>money need to support a computer on everyone's desk. And why should they?
>After all these are commodity items, like a toaster, you just have to plug
>it in and go. Right? Why do you need all the overhead of change managment,
>QA, etc. for a PC?
>I wish M$soft the best of luck with their zero administration initiative,
>I'm just not holding my breath for it to happen.

Stacy rasies an important point here that I haven't seen discussed much.
The value of "change control" and "authorized applications on the desktop"
can not be stressed enough in a security sense.  Allowing users (or at
least not stating a policy against) the unauthorized loading, downloading
and/or execution of company unapproved software from within the secured
enviornment is very important.  As a security officer, you spend bucks to
install firewalls, maintain access control lists, force people to change
their passwords, you audit the enviornment, and then let them bring in a
virus, trojan horse or some other nasty.  

Firewalls, ACL's, passwords and the like can only do their job if they
aren't undermined by users and/or a lack of policy. Stacy is correct in
that MVS is not something that the user can load stuff onto 'cuz it looks
geewhiz kewl; and the Mainframe has been properly maintained by Systems
Programmers who are trained (gasp!!! not....T-R-A-I-N-I-N-G???!!!).
Allowing users to control their environment space (in a computer sense)
without proper training on how they can affect the whole company is counter
productive to any security implementation.

Steve Kruse
Milkyway Networks 

Flames Ignored...comments always welcome. 
* jsk347 @
 sprynet .
 com (Personal E-Mail)        *
* skruse @
 milkyway .
 com (Company E-Mail)        *
*                     *

Indexed By Date Previous: Proxy Source
From: "Faggioni, Gabriele" <Gabriele . Faggioni @ COMPAQ . COM>
Next: usubscribe firewalls
From: "Arthur Bender" <sbender @ iglou . com>
Indexed By Thread Previous: Re: Firewalls-Digest V6 #574
From: Stacy Millions <stacy @ Millions . CA>
Next: Re: Firewalls-Digest V6 #574
From: Christophe Dupre <cdupre @ risq . qc . ca>

Search Internet Search